https://www.vice.com/en_us/article/gyzjym/the-internet-of-things-is-still-a-privacy-dumpster-fire-study-finds

A new study has once again found that most “internet of things” (IOT) devices routinely deliver an ocean of sensitive data to partners around the world, frequently without making these data transfers secure or transparent to the end user.

The full study, a joint collaboration between Northeastern University and Imperial College London took a closer look at 81 popular smart TVs, streaming dongles, smart speakers, and video doorbells made by vendors including Google, Roku, and Amazon. The results aren’t comforting: the majority of the devices collected and shared information including your IP address, device specs (like MAC address), usage habits, and location data. That data is then shared with a laundry list of third parties, regardless of whether the user actually has a relationship with those companies. “Nearly all TV devices in our testbeds contacts Netflix even though we never configured any TV with a Netflix account,” the researchers said. They noted that devices reach out to Netflix to relay information such as the TV set being used and the location it’s being used in. In a series of 34,586 experiments, the study found that 72 of the devices made contact with someone other than its manufacturer. In many instances, these transfers “expose information to eavesdroppers via at least one plaintext flow, and a passive eavesdropper can reliably infer user and device behavior from the traffic,” the researchers said.